Storage
AWS provides different storage types for different use cases. The three core services are S3 (object storage), EBS (block storage for EC2), and EFS (shared file storage).
| Service | Type | Access | Use Case |
|---|---|---|---|
| S3 | Object storage | HTTP API | Files, backups, static websites, data lakes |
| EBS | Block storage | Attached to one EC2 | Databases, OS disks, high-performance I/O |
| EFS | File storage (NFS) | Shared across EC2s | Shared config, CMS content, container storage |
S3 (Simple Storage Service)
S3 stores data as objects (files) in buckets (containers). It’s designed for 99.999999999% (11 nines) durability — your data is essentially never lost.
Core Concepts
```
┌─────────────────────────────────────────┐
│ Bucket: my-company-assets               │
│ (globally unique name, region-specific) │
│                                         │
│ ├── images/                             │
│ │   ├── logo.png (object)               │
│ │   └── banner.jpg (object)             │
│ ├── data/                               │
│ │   └── report-2026.csv (object)        │
│ └── index.html (object)                 │
└─────────────────────────────────────────┘
```

| Concept | What It Is |
|---|---|
| Bucket | A container for objects. Name must be globally unique across all AWS accounts. |
| Object | A file + metadata. Identified by a key (the full path, e.g. images/logo.png). |
| Key | The “path” to an object within a bucket. S3 is flat — the / is just part of the key name, not a real directory. |
| Metadata | Key-value pairs attached to an object (content type, custom headers, etc.). |
| Object size | 0 bytes to 5 TB per object. Use multipart upload for files > 100 MB. |
Basic Operations
```bash
# Create a bucket
aws s3 mb s3://my-unique-bucket-name

# Upload a file
aws s3 cp report.csv s3://my-bucket/data/report.csv

# List objects
aws s3 ls s3://my-bucket/data/

# Download
aws s3 cp s3://my-bucket/data/report.csv ./local-report.csv

# Sync a directory (like rsync)
aws s3 sync ./local-dir s3://my-bucket/backup/

# Delete
aws s3 rm s3://my-bucket/data/old-report.csv

# Delete a bucket (must be empty)
aws s3 rb s3://my-bucket
```

Storage Classes
S3 offers different storage classes that trade access speed for cost:
| Storage Class | Access | Retrieval Fee | Monthly Cost (per GB) | Use Case |
|---|---|---|---|---|
| S3 Standard | Instant | None | ~$0.023 | Frequently accessed data |
| S3 Standard-IA | Instant | Per-GB fee | ~$0.0125 | Infrequent access (backups, older data) |
| S3 One Zone-IA | Instant | Per-GB fee | ~$0.010 | Infrequent, non-critical (can recreate) |
| S3 Glacier Instant | Instant | Per-GB fee | ~$0.004 | Archive with instant access |
| S3 Glacier Flexible | Minutes to hours | Per-GB fee | ~$0.0036 | Archive (compliance, long-term backup) |
| S3 Glacier Deep Archive | 12–48 hours | Per-GB fee | ~$0.00099 | Rarely accessed archive |
| S3 Intelligent-Tiering | Automatic | None | ~$0.023 + monitoring fee | Unknown access patterns |
Lifecycle Policies
Automatically move objects between storage classes or delete them:

```json
{
  "Rules": [{
    "ID": "archive-old-logs",
    "Status": "Enabled",
    "Filter": {"Prefix": "logs/"},
    "Transitions": [
      {"Days": 30, "StorageClass": "STANDARD_IA"},
      {"Days": 90, "StorageClass": "GLACIER_IR"},
      {"Days": 365, "StorageClass": "DEEP_ARCHIVE"}
    ],
    "Expiration": {"Days": 730}
  }]
}
```

This moves logs to cheaper storage over time and deletes them after 2 years.
Versioning
Versioning keeps every version of every object. When you overwrite or delete a file, previous versions are preserved.

```bash
# Enable versioning
aws s3api put-bucket-versioning --bucket my-bucket \
  --versioning-configuration Status=Enabled

# List versions
aws s3api list-object-versions --bucket my-bucket --prefix data/report.csv
```

- Protects against accidental deletion — delete adds a “delete marker”; the object can be restored.
- Increases storage cost — old versions consume space. Use lifecycle rules to expire old versions.
Bucket Policies and ACLs
Bucket policies (JSON, like IAM policies) control access at the bucket level:

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-website-bucket/*"
  }]
}
```

This policy lets any principal read every object in my-website-bucket, which is what a public static website needs and nothing else should have.

Best practice: Use bucket policies and IAM policies. Avoid ACLs (legacy, harder to manage). Block public access by default and allow it only when intentional (static websites).
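A static check for the practice above, added here as an example (it is not part of the original page or any AWS tooling): it parses bucket policy JSON and reports every Allow statement open to any principal. The second policy, its account ID and its VPC endpoint ID are constructed sample values.

```python
import json

# The PublicRead policy from this page, plus a constructed policy for contrast.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-website-bucket/*"}]}"""

CONSTRUCTED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "TeamWrite", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
   "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::my-bucket/*"},
  {"Sid": "VpcOnlyRead", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*",
   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0example"}}}]}"""

WRITE_PREFIXES = ("s3:put", "s3:delete", "s3:*")


def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_wildcard(principal):
    """True for "Principal": "*" and for {"AWS": "*"} in either form."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"


def public_statements(policy_json):
    """List Allow statements that any principal can use, with a severity."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not is_wildcard(stmt.get("Principal")):
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        writable = any(a == "*" or a.startswith(WRITE_PREFIXES) for a in actions)
        findings.append({
            "sid": stmt.get("Sid", f"statement-{index}"),
            "severity": "write" if writable else "read",
            "conditional": "Condition" in stmt,  # may be narrowed; review by hand
        })
    return findings


if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("constructed", CONSTRUCTED_POLICY)):
        print(name, public_statements(doc))
```

A finding with `conditional` set is not necessarily public: the condition may restrict it to a VPC endpoint or address range, so it needs a manual look rather than an automatic fail.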
Static Website Hosting
S3 can serve a static website (HTML, CSS, JS):

```bash
# Enable website hosting
aws s3 website s3://my-website-bucket \
  --index-document index.html --error-document error.html
```

Access at: http://my-website-bucket.s3-website-us-east-1.amazonaws.com
For production, put CloudFront (CDN) in front for HTTPS, caching, and a custom domain.
S3 Security Best Practices
| Practice | Why |
|---|---|
| Block public access (default) | Prevent accidental data leaks |
| Enable versioning | Protect against accidental deletes |
| Enable server-side encryption (SSE-S3 or SSE-KMS) | Encrypt data at rest |
| Use VPC endpoints for private access | S3 traffic doesn’t leave the AWS network |
| Enable access logging | Audit who accessed what |
EBS (Elastic Block Store)
EBS provides block-level storage volumes for EC2 instances. Think of an EBS volume as a virtual hard drive.
Volume Types
| Type | Code | Performance | Use Case |
|---|---|---|---|
| General Purpose SSD | gp3 | 3,000–16,000 IOPS | Boot volumes, dev/test, most workloads |
| Provisioned IOPS SSD | io2 | Up to 256,000 IOPS | Databases (MySQL, PostgreSQL, Oracle) |
| Throughput Optimized HDD | st1 | 500 MB/s throughput | Big data, log processing, data warehouses |
| Cold HDD | sc1 | 250 MB/s throughput | Infrequent access, lowest cost |
gp3 is the default choice for most workloads — good performance at a reasonable price.
Key Characteristics
| Feature | Detail |
|---|---|
| Attachment | One EC2 instance at a time (except io2 with multi-attach) |
| AZ-bound | A volume exists in one AZ; must be in the same AZ as the EC2 instance |
| Snapshots | Point-in-time backup to S3. Incremental (only changed blocks). Can copy across regions. |
| Encryption | AES-256, managed by KMS. Enable by default via account-level setting. |
| Size | 1 GB – 64 TB |
Common Operations
```bash
# Create a volume
aws ec2 create-volume --volume-type gp3 --size 100 --availability-zone us-east-1a

# Attach to an instance
aws ec2 attach-volume --volume-id vol-abc --instance-id i-xyz --device /dev/sdf

# Create a snapshot
aws ec2 create-snapshot --volume-id vol-abc --description "Before upgrade"

# Create a volume from a snapshot (even in a different AZ)
aws ec2 create-volume --snapshot-id snap-abc --availability-zone us-east-1b
```

EFS (Elastic File System)
EFS is a managed NFS file system that can be mounted by multiple EC2 instances simultaneously — useful for shared storage.
EFS vs EBS
| | EBS | EFS |
|---|---|---|
| Protocol | Block (attached to one instance) | NFS (mounted by many instances) |
| AZ scope | Single AZ | Multi-AZ (regional) |
| Scaling | Fixed size (set at creation, can resize) | Auto-scales (pay for what you use) |
| Performance | Very high IOPS (io2) | Good throughput, higher latency than EBS |
| Best for | Databases, boot volumes | Shared config, CMS, container storage |
Mounting EFS
```bash
# Install NFS client
sudo yum install -y amazon-efs-utils

# Mount the file system
sudo mount -t efs fs-abc123:/ /mnt/efs

# Add to /etc/fstab for auto-mount on reboot
echo "fs-abc123:/ /mnt/efs efs defaults,_netdev 0 0" | sudo tee -a /etc/fstab
```

EFS Storage Classes
| Class | Cost | Use Case |
|---|---|---|
| Standard | Higher | Frequently accessed files |
| Infrequent Access (IA) | Lower + retrieval fee | Files accessed less than once a month |
Use lifecycle management to move files to IA automatically after N days.
Choosing a Storage Service
| Question | Answer |
|---|---|
| Storing files accessed via HTTP/API? | S3 |
| Need a disk for an EC2 instance? | EBS |
| Need shared storage across multiple EC2s? | EFS |
| Long-term archive (compliance, backups)? | S3 Glacier |
| High-performance database storage? | EBS io2 |
| Container shared storage (ECS/EKS)? | EFS |
Key Takeaways
- S3 is object storage for files, backups, and static websites. Use lifecycle policies to move data to cheaper tiers automatically.
- EBS is block storage attached to a single EC2 instance. Use gp3 for most workloads, io2 for databases.
- EFS is shared NFS storage across multiple instances. Auto-scales and is regional (multi-AZ).
- Always enable encryption and versioning (S3) or snapshots (EBS) for data protection.
- Use S3 Intelligent-Tiering when you don’t know the access pattern; use explicit storage classes when you do.